I am seeing this "Critical (Collector Buffer greater than 50MB)" on my Forticollector. Can this be resolved by increasing the buffer size and is there a formula for sizing it correctly?
Solved! Go to Solution.
We replaced this collector because it was running with excessive CPU usage. The new collector remains healthy and buffer and CPU usage is normal.
I am not sure on how to expand the cache but may be you can try to resolve it. You can check if the hypervisor and workers have high number of .err files in their caches and try to delete them
- Delete the error files.
rm -rf /opt/phoenix/cache/parser/upload/svn/*.err/*.err
I am not seeing any err files in that location
The message could indicate that the collector is not able to upload events to the super/worker. You can check the cached files on the collector by using the following procedure:
Thanks
I am seeing this:
"Last login: Fri Dec 15 02:18:06 2023 from 10.80.61.2
[root@wtl-forticollector-1 ~]# cd /opt/phoenix/cache/parser/events
[root@wtl-forticollector-1 events]# ls | wc –c
wc: –c: No such file or directory
[root@wtl-forticollector-1 events]# ls
monitor0lXXEk monitor5jdzpB monitor9lLmgl monitorbWLWLv monitordU59Zw monitorJeNX2X monitorLm7r8S monitorripWzk svn
[root@wtl-forticollector-1 events]# ls -lt
total 32
-rwxr-xr-x 1 admin admin 196 Dec 13 20:53 monitorJeNX2X
-rwxr-xr-x 1 admin admin 196 Dec 8 18:10 monitor5jdzpB
-rwxr-xr-x 1 admin admin 196 Dec 8 13:38 monitorripWzk
-rwxr-xr-x 1 admin admin 196 Dec 6 14:24 monitor0lXXEk
-rwxr-xr-x 1 admin admin 196 Nov 17 15:02 monitor9lLmgl
-rwxr-xr-x 1 admin admin 66 Nov 3 15:08 monitordU59Zw
-rwxr-xr-x 1 admin admin 70 Sep 9 15:13 monitorbWLWLv
-rwxr-xr-x 1 admin admin 70 Sep 9 15:13 monitorLm7r8S
drwxr-xr-x 2 admin admin 6 Sep 1 01:20 svn"
We our on version 6.7.8
Are the processes up on the collector? you could run phstatus to check.
Yes all processes are up.
We replaced this collector because it was running with excessive CPU usage. The new collector remains healthy and buffer and CPU usage is normal.
Is there any other solution other than replacing the collector?
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1735 | |
1107 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.